The Register

It's a threat straight out of sci-fi, and fiendishly hard to detect

Sleeper agent-style backdoors in AI large language models pose a straight-out-of-sci-fi security threat.…

Picks chap who used to lead Redmond’s security, lures replacement from Google

Microsoft CEO Satya Nadella has decided Microsoft needs an engineering quality czar, and shifted Charlie Bell, the company’s executive veep for security, into the new role.…

LLMs automated most phases of the attack

A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.…

US agencies told to patch by Friday

Attackers are exploiting a critical SolarWinds Web Help Desk bug - less than a week after the vendor disclosed and fixed the 9.8-rated flaw. That's according to America's lead cyber-defense agency, which set a Friday deadline for federal agencies to patch the security flaw.…

Gang walks away with nothing, victims are left with irreparable hypervisors

Cybersecurity experts usually advise victims against paying ransomware crooks, but that advice goes double for those who have been targeted by the Nitrogen group. There's no way to get your data back from them!…

Affected police officers squeezed mental health services, relocated over safety fears

Police Service of Northern Ireland (PSNI) employees who had their details exposed in a significant 2023 data breach will each receive £7,500 ($10,279) as part of a universal offer of compensation.…

As analyst house Gartner declares AI tool ‘comes with unacceptable cybersecurity risk’ and urges admins to snuff it out

If you’re brave enough to want to run the demonstrably insecure AI assistant OpenClaw, several clouds have already started offering it as a service.…

Don't relax: This is a 'when, not if' scenario

AI agents and other systems can't yet conduct cyberattacks fully on their own - but they can help criminals in many stages of the attack chain, according to the International AI Safety report.…

Too slow react-ion time

Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware to both Windows and Linux machines, and yet the in-the-wild attacks still haven't received the "broad public acknowledgement" that they should, according to security researchers.…

GreyNoise's Glenn Thorpe counts the cost of missed opportunities

On 59 occasions throughout 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) silently tweaked vulnerability notices to reflect their use by ransomware crooks. Experts say that's a problem.…

Algorithmic bias probe continues, CEO and former boss summoned to defend the platform's corner

French police raided Elon Musk's X offices in Paris this morning as part of a criminal investigation into alleged algorithmic manipulation by foreign powers.…

Azure Storage now requires version 1.2 or newer for encrypted connections

Today is the day Azure Storage stops supporting versions 1.0 and 1.1 of Transport Layer Security (TLS). TLS 1.2 is the new minimum.…

DDoSer of 'strategically important' websites admitted to most charges

Polish authorities have cuffed a 20-year-old man on suspicion of carrying out DDoS attacks.…

Your own personal Jarvis. A bot to hear your prayers. A bot that cares. Just not about keeping you safe

OpenClaw, the AI-powered personal assistant users interact with via messaging apps and sometimes entrust with their credentials to various online services, has prompted a wave of malware and is delivering some shocking bills.…

Armed Forces Bill would let troops take action against unmanned threats around defense sites

Britain's defense personnel will be given the authority to neutralize drones threatening military bases under measures being introduced in the Armed Forces Bill, currently making its way through Parliament.…

The group targets telecoms, critical infrastructure - all the usual high-value orgs

Security researchers have attributed the Notepad++ update hijacking to a Chinese government-linked espionage crew called Lotus Blossom (aka Lotus Panda, Billbug), which abused weaknesses in the update infrastructure to gain a foothold in high-value targets by delivering a newly identified backdoor dubbed Chrysalis.…

The ICE-tracking service says it doesn't store usernames or addresses

ICE-reporting service StopICE has blamed a US Customs and Border Protection (CBP) agent for attacking its app and website and sending users text messages warning them that their information had been "sent to the authorities."…

Ukraine’s CERT says the bug went from disclosure to active exploitation in days

Russia-linked attackers are already exploiting Microsoft's latest Office zero-day, with Ukraine's national cyber defense team warning that the same bug is being used to target government agencies inside the country and organizations across the EU.…

Your favorite menu item might be easy to remember but it will not secure your account

Change Your Password Day took place over the weekend, and in case you doubt the need to improve this most basic element of cybersecurity hygiene, even McDonald's – yes, the fast food chain – is urging people to get more creative when it comes to passwords. …

Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page

Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution (RCE) exploits.…